Project

General

Profile

Actions

Task #104549

closed

Activation of CSP headers for frontend per site in multidomain installation

Added by Natalie Kleine-Herzbruch 4 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Content Security Policy
Target version:
-
Start date:
2024-08-05
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Sprint Focus:

Description

In a multidomain installation, it is currently not possible to completely disable the output of CSP headers for a site if $GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.frontend.enforceContentSecurityPolicy'] = true. The default CSP headers are still output even if no csp.yaml file is created. It would be great if you could decide per site whether CSP should be on or off in the frontend.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Task #104633: Combine disabling site-specific CSP with report-only modeClosed2024-08-15

Actions
Related to TYPO3 Core - Feature #101580: Add feature flag to enable CSP ReportOnly modeClosedOliver Hader2023-08-04

Actions
Actions

Also available in: Atom PDF